rewrite api/posts/delete to be more secure and add unit tests for it

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@769 b3834d28-1941-0410-a4f8-b48e95affb8f
cweiske 2010-09-28 22:14:31 +00:00
parent df8216d607
commit 22c9a01ee8
3 changed files with 62 additions and 28 deletions


@ -176,7 +176,10 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
* Retrieves a bookmark with the given URL. * Retrieves a bookmark with the given URL.
* DOES NOT RESPECT PRIVACY SETTINGS! * DOES NOT RESPECT PRIVACY SETTINGS!
* *
* @param string $address URL to get bookmarks for * @param string $address URL to get bookmarks for
* @param boolean $all Retrieve from all users (true)
* or only bookmarks owned by the current
* user (false)
* *
* @return mixed Array with bookmark data or false in case * @return mixed Array with bookmark data or false in case
* of an error (i.e. not found). * of an error (i.e. not found).
@ -184,9 +187,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
* @uses getBookmarkByHash() * @uses getBookmarkByHash()
* @see getBookmarkByShortname() * @see getBookmarkByShortname()
*/ */
public function getBookmarkByAddress($address) public function getBookmarkByAddress($address, $all = true)
{ {
return $this->getBookmarkByHash($this->getHash($address)); return $this->getBookmarkByHash($this->getHash($address), $all);
} }
@ -195,16 +198,19 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
* Retrieves a bookmark with the given hash. * Retrieves a bookmark with the given hash.
* DOES NOT RESPECT PRIVACY SETTINGS! * DOES NOT RESPECT PRIVACY SETTINGS!
* *
* @param string $hash URL hash * @param string $hash URL hash
* @param boolean $all Retrieve from all users (true)
* or only bookmarks owned by the current
* user (false)
* *
* @return mixed Array with bookmark data or false in case * @return mixed Array with bookmark data or false in case
* of an error (i.e. not found). * of an error (i.e. not found).
* *
* @see getHash() * @see getHash()
*/ */
public function getBookmarkByHash($hash) public function getBookmarkByHash($hash, $all = true)
{ {
return $this->_getbookmark('bHash', $hash, true); return $this->_getbookmark('bHash', $hash, $all);
} }
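Review bot: The new `$all` parameter keeps `true` as its default in both getBookmarkByAddress() and getBookmarkByHash(), so every existing caller still performs the cross-user lookup and only a caller that passes `false` gets owner scoping; the docblock should say that explicitly, because the "DOES NOT RESPECT PRIVACY SETTINGS!" warning now describes the default case only. `$all` is forwarded unchanged to _getbookmark(), which is outside this hunk, so what `false` does when no user is logged in cannot be checked here. A line such as `* @param boolean $all Retrieve from all users (true, default) or only bookmarks owned by the currently logged-in user (false); behaviour without a logged-in user is defined by _getbookmark()` would make the contract visible to API callers; the same wording applies to the identical parameter block in the third hunk.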


@ -202,8 +202,9 @@ class Api_PostsDeleteTest extends TestBaseApi
//send request //send request
$res = $req->send(); $res = $req->send();
//401 - unauthorized //404 - user does not have that bookmark
$this->assertEquals(401, $res->getStatus()); $this->assertEquals(404, $res->getStatus());
//verify MIME content type //verify MIME content type
$this->assertEquals( $this->assertEquals(
'text/xml; charset=utf-8', 'text/xml; charset=utf-8',
@ -211,10 +212,10 @@ class Api_PostsDeleteTest extends TestBaseApi
); );
//verify xml //verify xml
$this->assertNotTag( $this->assertTag(
array( array(
'tag' => 'result', 'tag' => 'result',
'attributes' => array('code' => 'done') 'attributes' => array('code' => 'something went wrong')
), ),
$res->getBody(), $res->getBody(),
'', false '', false
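Review bot: The updated assertions pin the 404 status and the `something went wrong` result code for a bookmark owned by another user, but nothing checks that the other user's bookmark survived the request, which is the property the delete rewrite is meant to guarantee. After the body assertion, re-querying the bookmark service for that user's URL (e.g. `bookmarkExists()` with the owning user's id, using whichever fixture variables hold them in this test) and asserting it still exists would catch a regression where the status code is right but the row is gone. The test method starts before this hunk, so its setup variables are not visible here.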


@ -1,33 +1,60 @@
<?php <?php
// Implements the del.icio.us API request to delete a post. /**
* API for deleting a bookmark.
// del.icio.us behavior: * The delicious API is implemented here.
// - returns "done" even if the bookmark doesn't exist; *
// - does NOT allow the hash for the url parameter; * The delicious API behaves like that:
// - doesn't set the Content-Type to text/xml (we do). * - returns "done" even if the bookmark doesn't exist
* - we do it correctly
* - does NOT allow the hash for the url parameter
* - doesn't set the Content-Type to text/xml
* - we do it correctly, too
*
* SemanticScuttle - your social bookmark manager.
*
* PHP version 5.
*
* @category Bookmarking
* @package SemanticScuttle
* @author Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
* @author Christian Weiske <cweiske@cweiske.de>
* @author Eric Dane <ericdane@users.sourceforge.net>
* @license GPL http://www.gnu.org/licenses/gpl.html
* @link http://sourceforge.net/projects/semanticscuttle
*/
// Force HTTP authentication first! // Force HTTP authentication first!
$httpContentType = 'text/xml'; $httpContentType = 'text/xml';
require_once 'httpauth.inc.php'; require_once 'httpauth.inc.php';
/* Service creation: only useful services are created */ $bs = SemanticScuttle_Service_Factory::get('Bookmark');
$bookmarkservice =SemanticScuttle_Service_Factory::get('Bookmark'); $uId = $userservice->getCurrentUserId();
// Note that del.icio.us only errors out if no URL was passed in; there's no error on attempting
// to delete a bookmark you don't have.
// Error out if there's no address // Error out if there's no address
if (is_null($_REQUEST['url'])) { if (!isset($_REQUEST['url'])
|| $_REQUEST['url'] == ''
) {
$deleted = false; $deleted = false;
} else if (!$bs->bookmarkExists($_REQUEST['url'], $uId)) {
//the user does not have such a bookmark
// Note that del.icio.us only errors out if no URL was passed in;
// there's no error on attempting to delete a bookmark you don't have.
// this sucks, and I don't care about being different but correct here.
header('HTTP/1.0 404 Not Found');
$deleted = false;
} else { } else {
$bookmark = $bookmarkservice->getBookmarkByAddress($_REQUEST['url']); $bookmark = $bs->getBookmarkByAddress($_REQUEST['url'], false);
$bid = $bookmark['bId']; $bId = $bookmark['bId'];
$delete = $bookmarkservice->deleteBookmark($bid); $deleted = $bs->deleteBookmark($bId);
$deleted = true; if (!$deleted) {
//something really went wrong
header('HTTP/1.0 500 Internal Server Error');
}
} }
// Set up the XML file and output the result. // Set up the XML file and output the result.
echo '<?xml version="1.0" standalone="yes" ?'.">\r\n"; echo '<?xml version="1.0" standalone="yes" ?' . ">\r\n";
echo '<result code="'. ($deleted ? 'done' : 'something went wrong') .'" />'; echo '<result code="' . ($deleted ? 'done' : 'something went wrong') . '" />';
?> ?>
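Review bot: In the final `else` branch `$bookmark = $bs->getBookmarkByAddress($_REQUEST['url'], false)` is indexed as `$bookmark['bId']` without checking for `false`, although the method is documented to return false when nothing is found; the preceding `bookmarkExists($_REQUEST['url'], $uId)` check is a separate query, so any mismatch between the two scopes (or a concurrent delete) produces a notice and a deleteBookmark() call with a null id. Doing a single owner-scoped lookup and treating a `false` result as the 404 case removes both the double query and the unguarded index, assuming `$all = false` scopes to the authenticated user as its docblock states. Separately, the missing-URL branch leaves the HTTP status at 200 while the body says `something went wrong`; adding `header('HTTP/1.0 400 Bad Request');` there would make the three failure modes distinguishable by status alone. `$userservice` is not defined in this file and is presumably provided by httpauth.inc.php.
```php
// … unchanged: header, httpauth.inc.php, $bs / $uId setup, empty-url check …
} else {
    // one owner-scoped lookup; false covers both "not found" and "not owned by this user"
    $bookmark = $bs->getBookmarkByAddress($_REQUEST['url'], false);
    if ($bookmark === false) {
        // del.icio.us would answer "done" here; we report the real state
        header('HTTP/1.0 404 Not Found');
        $deleted = false;
    } else {
        $deleted = $bs->deleteBookmark($bookmark['bId']);
        if (!$deleted) {
            //something really went wrong
            header('HTTP/1.0 500 Internal Server Error');
        }
    }
}
// … unchanged: XML output …
```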